[rbldnsd] Use rbldnsd behind bind9

meepmeep @ Fantasya.org meepmeep at fantasya.org
Tue Apr 13 13:36:32 MSD 2010


Hi

As an IRC Network administrator, I'm using rbldnsd to create my own
blacklist of private botnets.
It works great locally, everything is fine. But, with time, private
botnets move over to other IRC Networks, and we thought that it would be a
great idea to share our dnsbl.

Currently and locally, I query my bind server (listening on 127.0.0.1 and
x.x.x.226, both on port 53), and it forwards the request to rbldnsd
(listening on the public IP x.x.x.229, port 53).
I can ask either bind or rbldnsd; it works as long as I'm still on my server.

Now, I tried to use this rbldnsd from "outside", and I have a problem ...
I added 2 entries to my DNS configuration:

testbl.mydomain.com IN NS x.x.x.229 (direct access to rbldnsd)
testbl1.mydomain.com IN NS x.x.x.226 (direct access to bind)

I added this to my bind configuration:
zone "testbl1.mydomain.com" IN {
        type forward;
        forward first;
        forwarders {
                x.x.x.229 port 53;
        };
};


(in every case, bind should transfer the request to rbldnsd on x.x.x.229)

My ip4set on rbldnsd starts like this:
$SOA 0 noc.mydomain.com noc.mydomain.com 2010071801 15 1m 4w 15
$NS 0 noc.mydomain.com
$TTL 10s
:127.0.0.2:IP $ is listed as corrupt
1.1.1.1 :4:prout
etc.

And rbldnsd is launched like this:
/usr/sbin/rbldnsd -p /var/run/rbldnsd.pid -r /var/lib/rbldns -w . -v -f -b
x.x.x.229/53 -t 30 -l rbldns.log -s rbldns.stats dnsbl.irc:ip4set:openhost
dnsbl.myircnetwork.ext:ip4set:openhost  testbl.mydomain.com:ip4set:openhost
testbl1.mydomain.com:ip4set:openhost

And last point (which is for me the source of the problem):
In the bind configuration:

     recursion yes;
     allow-recursion { any; };
     allow-query { any; };
     allow-query-cache { any; };
     allow-transfer { any; };

So, now .. what is happening:

